MOORUP TECHNLOGY
PRIVACY POLICY

                                                

  
1 PURPOSE OF OUR POLICY 

1.1 This Privacy Policy is for Moorup Technology Pty Ltd ACN 628 238 951 (we, us or   
our). 

1.2 We have adopted this Privacy Policy to ensure that we have standards in place to   
protect the Personal Information that we collect about individuals that is   
necessary and incidental to: 

(a) Providing the system and services that we offer; and  
(b) The normal day-to-day operations of our business. 

1.3 This Privacy Policy follows the standards of both:   

(a) The Australian Privacy Principles set by the Australian Government for the   
handling of Personal Information under the Privacy Act 1988 (Cth) (Privacy   
Act); and  
(b) The regulations and principles set by the European Union’s General Data   
Protection Regulation (GDPR) for the handling of Personal Data.

  
1.4 By publishing this Privacy Policy, we aim to make it easy for our customers and   
the public to understand what Personal Information we collect and store, why we   
do so, how we receive, obtain, store and/or use that information, and the rights   
of control an individual has with respect to their Personal Information in our   
possession.  

2 WHO AND WHAT THIS POLICY APPLIES TO  

2.1 Our Privacy Policy deals with how we handle “personal information” and “personal   
data” as it is defined in the Privacy Act and the GDPR respectively (Personal   
Information). 

2.2 We handle Personal Information in our own right and also for and on behalf of   
our customers and users. 

2.3 Our Privacy Policy does not apply to information we collect about businesses or   
companies, however it does apply to information about the people in those   
businesses or companies which we store.

2.4 The Privacy Policy applies to all forms of information, physical and digital, whether   
collected or stored electronically or in hardcopy. 

2.5 If, at any time, an individual provides Personal Information or other information   
about someone other than himself or herself, the individual warrants that they   
have that person’s consent to provide such information for the purpose specified. 

2.6 We consider the protection of privacy of children very important. We do not   
knowingly collect personal data from children under the age of 18 without   
obtaining parental consent. If an individual is under 18 years of age, then they   
should not use or access the service at any time or in any manner. If we learn that   
Personal Information has been collected on the service from persons under 18   
years of age and without verifiable parental consent, then we will take the   
appropriate steps to delete such information. 

3 THE INFORMATION WE COLLECT  

3.1 Without limitation, the type of information we may collect is:

(a) Personal Information. We may collect personal details such as an   
individual’s name, location, date of birth, nationality, family details and   
other information defined as “Personal Information” in the Privacy Act   
that allows us to identify who the individual is;  
(b) Contact Information. We may collect information such as an individual’s   
email address, telephone & fax number, third-party usernames,   
residential, business and postal address and other information that allows   
us to contact the individual;  
(c) Financial Information. We may collect financial information related to   
an individual such as any bank or credit card details used to transact with   
us and other information that allows us to transact with the individual   
and/or provide them with our services;  
(d) Statistical Information. We may collect information about an   
individual’s online and offline preferences, habits, movements, trends,   
decisions, associations, memberships, finances, purchases and other   
information for statistical purposes;   
(e) Information an individual sends us. We may collect any personal   
correspondence that an individual sends us, or that is sent to us by others   
about the individual’s activities.  

3.2 We may collect other Personal Information about an individual, which we will   
maintain in accordance with this Privacy Policy. 

3.3 We may also collect non-Personal Information about an individual such as   
information regarding their computer, network and browser. Where non-
Personal Information is collected the Australian Privacy Principles and the GDPR   
do not apply.  

4 HOW INFORMATION IS COLLECTED  

4.1 Most information will be collected in association with an individual’s use of our   
online store (Moorup), an enquiry about Moorup or generally dealing with us.   
However, we may also receive Personal Information from sources such as   
advertising, an individual’s own promotions, public records, mailing lists,   
contractors, staff, recruitment agencies and our business partners. In particular,   
information is likely to be collected as follows: 

(a) Order. When an individual purchases a product on Moorup, whereby   
they enter Personal Information details in order to complete the order.  
(b) Supply. When an individual supplies us with goods or services;  
(c) Contact. When an individual contacts us in any way;  
(d) Access. When an individual accesses us physically we may require them   
to provide us with details for us to permit them such access. When an   
individual accesses us through the internet we may collect information   
using cookies or analytical services; and/or  
(e) Pixel Tags. Pixel tags enable us to send email messages in a format   
customers can read and they tell us whether mail has been opened. 

4.2 As there are many circumstances in which we may collect information both   
electronically and physically, we will endeavour to ensure that an individual is   
always aware of when their Personal Information is being collected. 

4.3 Where we obtain Personal Information without an individual’s knowledge (such   
as by accidental acquisition from a client) we will either delete/destroy the   
information, or inform the individual that we hold such information, in   
accordance with the Australian Privacy Principles and the GDPR.   

5 WHEN PERSONAL INFORMATION IS USED & DISCLOSED 

5.1 In general, the primary principle is that we will not use any Personal Information   
other than for the purpose for which it was collected other than with the   
individual’s permission. The purpose of collection is determined by the   
circumstances in which the information was collected and/or submitted. 

5.2 We will only process Personal Information when we can identify a lawful basis to   
do so. It is always our responsibility to ensure that we can demonstrate which   
lawful basis applies to the particular processing purpose.

5.3 The most common lawful bases relied upon are: 

(a) Consent: we will only rely upon express, clear and informed consent. Any   
consent provided may specify and/or restrict the purpose and can be   
withdrawn at any time without penalty. We will keep a record of when and   
how we got consent from an individual.  
(b) Legitimate interests: we will only rely upon an identifiable legitimate   
interest where we can demonstrate that the processing of Personal   
Information is necessary to achieve it by balancing it against the   
individual’s interests, rights and freedoms. We will keep a record of our   
legitimate interests’ assessments. 

5.4 We will retain Personal Information for the period necessary to fulfil the purposes   
outlined in this Privacy Policy unless a longer retention period is required or   
permitted by law. 

5.5 We may disclose the data that we collect from you to related third parties. When   
we provide your individual’s Personal Information to third parties it will be done   
in a manner compliant with the Australian Privacy Principles and the GDPR in the   
course of our business. We will not disclose or sell an individual’s Personal   
Information to unrelated third parties under any circumstances, unless the prior   
written consent of the individual is obtained. 

5.6 Information is used to enable us to operate our business, especially as it relates   
to an individual. This may include: 

(a) The provision of goods and services between an individual and us;  
(b) Verifying an individual’s identity;  
(c) Communicating with an individual about: 

i Their relationship with us;  
ii Our goods and services;  
iii Our own marketing and promotions to customers and prospects;  
iv Competitions, surveys and questionnaires; 

(d) Investigating any complaints about or made by an individual, or if we have   
reason to suspect that an individual is in breach of any of our terms and   
conditions or that an individual is or has been otherwise engaged in any   
unlawful activity; and/or   
(e) As required or permitted by any law (including the Privacy Act).

5.7 The individual shall have the right to object at any time to the processing of their   
Personal Information for direct marketing purposes, which includes profiling to   
the extent that it is related to such direct marketing. If we receive such a request,   
we will stop the processing of Personal Information for direct marketing purposes   
immediately without charge or penalty. 

5.8 There are some circumstances in which we must disclose an individual’s   
information: 

(a) Where we reasonably believe that an individual may be engaged in   
fraudulent, deceptive or unlawful activity that a governmental authority   
should be made aware of;  
(b) As required by any law (including the Privacy Act); and/or  
(c) In order to sell our business (in that we may need to transfer Personal   
Information to a new owner). 

5.9 We may utilise third-party service providers to communicate with an individual   
and to store contact details about an individual. These service providers may be   
located outside of Australia. 

5.10 An individual who uses Moorup from outside of Australia will be sending   
information (including Personal Information) to Australia where our servers are   
located. That information may then be transferred within the Australia or back   
out of the Australia to other countries outside of the individual’s country of   
residence, depending on the type of information and how it is stored by us. These   
countries may not necessarily have data protection laws as comprehensive or   
protective as those in your country of residence, however our collection, storage   
and use of Personal Information will at all times continue to be governed by this   
Privacy Policy.

6 OPTING “IN” OR “OUT” 

6.1 An individual may opt to not have us collect and/or process their Personal   
Information. This may prevent us from offering them some or all of our services   
and may terminate their access to some or all of the services they access with or   
through us. They will be aware of this when: 

(a) Opt In. Where relevant, the individual will have the right to choose to   
have information collected and/or receive information from us (for clarity,   
consent must involve an unambiguous positive action to opt in); or  
(b) Opt Out. Where relevant, the individual will have the right to choose to   
exclude himself or herself from some or all collection of information   
and/or receiving information from us.

6.2 If an individual believes that they have received information from us that they did   
not opt in or out to receive, they should contact us using the details as set out in   
section 11 below.   

7 THE SAFETY & SECURITY OF PERSONAL INFORMATION 

7.1 We may appoint a Data Protection Officer to oversee the management of this   
Privacy Policy and compliance with the Australian Privacy Principles, the Privacy   
Act and the GDPR. This officer may have other duties within our business and also   
be assisted by internal and external professionals and advisors. 

7.2 We will take all reasonable precautions to protect an individual’s Personal   
Information from unauthorised access. This includes appropriately securing our   
physical facilities and electronic networks. 

7.3 We use SSL encryption to store and transfer Personal Information. Despite this,   
the security of online transactions and the security of communications sent by   
electronic means or by post cannot be guaranteed. Each individual that provides   
information to us via the internet or by post does so at their own risk. We cannot   
accept responsibility for misuse or loss of, or unauthorised access to, Personal   
Information where the security of information is not within our control. 

7.4 We are not responsible for the privacy or security practices of any third party   
(including third parties that we are permitted to disclose an individual’s Personal   
Information to in accordance with this policy or any applicable laws), unless   
otherwise required by the Privacy Act and the GDPR. The collection and use of an   
individual’s information by such third parties may be subject to separate privacy   
and security policies. 

7.5 If an individual suspects any misuse or loss of, or unauthorised access to, their   
Personal Information, they should let us know immediately.  

7.6 We are not liable for any loss, damage or claim arising out of another person’s   
use of the Personal Information where we were authorised to provide that person   
with the Personal Information. 

7.7 Where there is a breach of security leading to the accidental or unlawful   
destruction, loss, alteration, unauthorised disclosure of, or access to, Personal   
Information, then: 

(a) We will immediately establish the likelihood and severity of the resulting   
risk to wider rights and freedoms of natural persons;   
(b) If we determine there is a risk from the security breach, then we will   
immediately notify the relevant supervisory authority and provide all   
relevant information on the particular breach, and by no later than 72   
hours after having first become aware of the breach; 
Last Updated: 20240507 Page 7 of 9  
(c) If we determine there is a high risk from the security breach (a higher   
threshold than set for notifying supervisory authorities), we will   
immediately notify the affected individuals and provide all relevant   
information on the particular breach without undue delay. 

7.8 We will document the facts relating to any security breach, its effects and the   
remedial action taken, and investigate the cause of the breach and how to prevent   
similar situations in the future. 

  
8 HOW TO ACCESS, UPDATE AND/OR REMOVE INFORMATION  

8.1 Subject to the Australian Privacy Principles and the GDPR, an individual has the   
right to request from us the Personal Information that we have about them, and   
we have an obligation to provide them with such information as soon as   
practicable, and by no later than 28 days of receiving the written request. The   
individual is free to retain and reuse their Personal Information for their own   
purposes. We may be required to transmit the Personal Information directly to   
another organisation if this is technically feasible. 

8.2 If an individual cannot update their own information, we will correct any errors in the Personal Information we hold about an individual within 28 days of receiving   
written notice from them about those errors, or two months where the request   
for rectification is complex.

 
8.3 It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.  

8.4 Where a request to access Personal Information is manifestly unfounded,   
excessive and/or repetitive, we may refuse to respond or charge an individual a   
reasonable fee for our costs incurred in meeting any of their requests to disclose   
the Personal Information we hold about them. Where we refuse to respond to a   
request, we will explain why to the individual, informing them of their right to   
complain to the supervisory authority and to a judicial remedy without undue   
delay and at the latest within 28 days. 

8.5 We may be required to delete or remove all Personal Information we have on an  individual upon request in the following circumstances: 

(a) Where the Personal Information is no longer necessary in relation to the   
purpose for which it was originally collected and/or processed;  
(b) When the individual withdraws consent;  
(c) When the individual objects to the processing and there is no overriding   
legitimate interest for continuing the processing;
Last Updated: 20240507 Page 8 of 9  
(d) The processing of the Personal Information was otherwise in breach of   
the GDPR;  
(e) The Personal Information has to be erased in order to comply with a legal   
obligation; and/or  
(f) The Personal Information is in relation to a child. 

8.6 We may refuse to delete or remove all Personal Information we have on an   
individual where the Personal Information was processed for the following   
reasons: 

(a) To exercise the right of freedom of expression and information;  
(b) To comply with a legal obligation for the performance of a public interest   
task or exercise of official authority.  
(c) For public health purposes in the public interest;  
(d) Archiving purposes in the public interest, scientific research historical   
research or statistical purposes; or  
(e) The exercise or defence of legal claims.  

9 COMPLAINTS AND DISPUTES 

9.1 If an individual has a complaint about our handling of their Personal Information,   
they should address their complaint in writing to the details below.

9.2 If we have a dispute regarding an individual’s Personal Information, we both   
should first attempt to resolve the issue directly between us. 

9.3 An individual shall have the right to seek a judicial remedy where he or she   
considers that his or her rights under the GDPR have been infringed as a result of   
the processing of his or her Personal Information in non-compliance with the   
GDPR. Any proceedings should be commenced in Victoria, Australia, where we are   
established.

9.4 If we become aware of any unauthorised access to an individual’s Personal   
Information we will inform them at the earliest practical opportunity once we   
have established what was accessed and how it was accessed.  

10 CONTACTING INDIVIDUALS 

10.1 From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Where such information is materially important to the individual’s interaction with us, they may not opt out of receiving these communications.  

11 CONTACTING US 

11.1 All correspondence with regards to privacy should be addressed to:  
Data Protection Officer Moorup Technology support@moorup.com.au.  
You may contact the Data Protection Offer via email in the first instance.  

12 ADDITIONS TO THIS POLICY 

12.1 If we decide to change this Privacy Policy, we will post the changes on our   
webpage at https://www.moorup.com.au. Please refer back to this Privacy Policy   
to review any amendments.  
12.2 We may do things in addition to what is stated in this Privacy Policy to comply with   
the Australian Privacy Principles and the GDPR, and nothing in this Privacy Policy   
shall deem us to have not complied with the Australian Privacy Principles and the   
GDPR.